Posts
Poodle Vulnerability and SSLv3 Disablement

Wed 15 October 2014

As you may be aware, an Internet security protocol vulnerability has been found called “POODLE”. The vulnerability impacts a protocol called SSL 3.0, designed to ensure secure connections over the Internet. If exploited, this vulnerability can result in someone gaining access to a secure connection via this security protocol.

Byway of background nearly all Internet browsers support SSL 3.0. Though most companies doing business on the Internet have adopted its successor, Transport Layer Security (TLS).

CityPay must disable SSL 3.0 support as soon as we reasonably can. To that end, CityPay will remove support for SSL 3.0 completely at 03.00 GMT effective from 17th October 2014. Unfortunately, this may cause compatibility problems for a few of our Clients and their customers resulting in the inability to pay on some merchant sites.

How will this affect you and your customers?

If you’re using CityPay’s PayLink Gateway your customers may experience connection issues and subsequently be prevented from completing payments if they are using an old browser which doesn’t support TLS.

If you are using the CityPay PayPOST API you will need to ensure that your application/webserver supports TLS.

On a positive note most recent browsers support TLS and I’m also pleased to report, from our own tests, our systems are already partly mitigated against the Poodle vulnerability through other security measures.

Please accept our apologies for the short notice but I trust you can appreciate that when it comes to security matters of this nature we have a responsibility to act quickly.